GHSA-X9CF-3W63-RPQ9 OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...